EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan
GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective
GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?
GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change
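The continuous-monitoring points above, seen from the asset owner's side, as an added example that is not part of the deck: diff two snapshots of your own external inventory and keep only the differences that no change record explains. The hostnames, IPs, certificate labels and the `APPROVED_CHANGES` set are constructed; the record layout is an assumption.

```python
"""Diff two snapshots of an external asset inventory (constructed sample data)."""

# Constructed snapshots: hostname -> attributes seen from the outside.
YESTERDAY = {
    "www.example.com":    {"ips": {"203.0.113.10"}, "cert": "cert-A", "third_party": None},
    "shop.example.com":   {"ips": {"203.0.113.20"}, "cert": "cert-B", "third_party": "hosted-shop"},
    "legacy.example.com": {"ips": {"203.0.113.30"}, "cert": "cert-C", "third_party": None},
}
TODAY = {
    "www.example.com":     {"ips": {"203.0.113.10"}, "cert": "cert-A", "third_party": None},
    "shop.example.com":    {"ips": {"198.51.100.7"}, "cert": "cert-D", "third_party": "hosted-shop"},
    "staging.example.com": {"ips": {"198.51.100.9"}, "cert": "cert-E", "third_party": None},
}
# Hypothetical: hosts that have an approved change record for this period.
APPROVED_CHANGES = {"shop.example.com"}


def diff_inventory(before, after):
    """Return (kind, host, field) tuples for every difference between snapshots."""
    findings = []
    for host in sorted(after.keys() - before.keys()):
        findings.append(("new_asset", host, None))
    for host in sorted(before.keys() - after.keys()):
        findings.append(("removed_asset", host, None))
    for host in sorted(before.keys() & after.keys()):
        fields = sorted(set(before[host]) | set(after[host]))
        for field in fields:
            if before[host].get(field) != after[host].get(field):
                findings.append(("changed", host, field))
    return findings


def unapproved(findings, approved_hosts):
    """Keep only findings that no change record accounts for."""
    return [f for f in findings if f[1] not in approved_hosts]


if __name__ == "__main__":
    for kind, host, field in unapproved(diff_inventory(YESTERDAY, TODAY), APPROVED_CHANGES):
        print(kind, host, field or "")
```

The unapproved findings are the triage queue: a new or vanished host with no change record is where the change-management gap from the common-mistakes slide shows up.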
GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and